Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean code

Browse Source
This commit is contained in:
Laurent Destailleur 2022-01-19 22:49:53 +01:00
parent b09cb42e25
commit 3ae63cb111
3 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
htdocs/core/modules/oauth/google_oauthcallback.php
View File

@ -98,9 +98,6 @@ $apiService = $serviceFactory->createService('Google', $credentials, $storage, $
// also note that a refresh token is sent only after a prompt
$apiService->setAccessType('offline');
$apiService->setApprouvalPrompt('force');
//$apiService->setLoginHint(email); // If we know the email of Google account, we can set it to have it correctly selected on login prompt on multiaccount
$langs->load("oauth");
@ -178,14 +175,22 @@ if (GETPOST('code')) { // We are coming from oauth provider page.
// to the OAuth provider login page
$_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
if (!preg_match('/^forlogin/', $state)) {
$apiService->setApprouvalPrompt('force');
}
// This may create record into oauth_state before the header redirect.
// Creation of record with state in this tables depend on the Provider used (see its constructor).
if (GETPOST('state')) {
$url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
if ($state) {
$url = $apiService->getAuthorizationUri(array('state' => $state));
} else {
$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
}
// Add more param
$url .= '&nonce='.bin2hex(random_bytes(64/8));
// TODO Add param hd and/or login_hint
// we go on oauth provider authorization page
header('Location: '.$url);
exit();

13
htdocs/core/tpl/login.tpl.php
View File

@ -331,21 +331,16 @@ if (isset($conf->file->main_authentication) && preg_match('/google/', $conf->fil
echo '<br>';
echo '<div class="center" style="margin-top: 4px;">';
$shortscope = 'userinfo_email,userinfo_profile';
$shortscope .= ',openid,email,profile'; // For openid connect
//$shortscope = 'userinfo_email,userinfo_profile';
$shortscope = 'openid,email,profile'; // For openid connect
$oauthstateanticsrf = bin2hex(random_bytes(128/8));
$_SESSION['oauthstateanticsrf'] = $shortscope.'-'.$oauthstateanticsrf;
$urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
$urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.$shortscope.'&state=forlogin-'.$shortscope.'-'.$oauthstateanticsrf;
$url = $urltorenew;
//if (!empty($url)) {
print img_picto('', 'google', 'class="pictofixedwidth"').'<a class="alogin" href="'.$url.'">'.$langs->trans("LoginWith", "Google").'</a>';
/*} else {
$langs->load("errors");
print '<span class="warning">'.$langs->trans("ErrorOpenIDSetupNotComplete", 'MAIN_AUTHENTICATION_OPENID_URL').'</span>';
}*/
print img_picto('', 'google', 'class="pictofixedwidth"').'<a class="alogin" href="'.$url.'">'.$langs->trans("LoginWith", "Google").'</a>';
echo '</div>';
}

4
htdocs/includes/OAuth/OAuth2/Service/Google.php
View File

@ -163,8 +163,8 @@ class Google extends AbstractService
{
// LDR CHANGE Add approval_prompt to force the prompt if value is set to 'force' so it force return of a "refresh token" in addition to "standard token"
//return new Uri('https://accounts.google.com/o/oauth2/auth?access_type='.$this->accessType);
$url = 'https://accounts.google.com/o/oauth2/auth?nonce='.bin2hex(random_bytes(64/8)).'&'.($this->approvalPrompt?'approval_prompt='.$this->approvalPrompt.'&':'').'access_type='.$this->accessType;
// TODO Add param hd and/or login_hint
$url = 'https://accounts.google.com/o/oauth2/auth?'.($this->approvalPrompt?'approval_prompt='.$this->approvalPrompt.'&':'').'access_type='.$this->accessType;
return new Uri($url);
}